Providing out-of-band management traffic and data traffic over a backup path via a dual use device
Application number: US14336577
Document number: US09497686B2
Document date: 2016-11-15
Inventors: Ellison F. Keller, Joseph E. Sheets, James E. Butler
Applicant: Verizon Patent and Licensing Inc.
Abstract:
Claims:
What is claimed is:
Description:
In computer administration, out-of-band management may refer to management of a device via a system console of the device. Out-of-band management may be provided even in the event of a device failure so that an administrator may troubleshoot and/or fix the device.
The following detailed description of example implementations refers to the accompanying drawings. The same reference numbers in different drawings may identify the same or similar elements.
A customer of a network service provider may want to establish a backup communication path (e.g., between an internal customer network and external devices) in case a primary communication path fails. The customer may want the backup communication path to be capable of transferring data traffic between internal customer devices (e.g., located at a customer premises) and external devices (e.g., employee devices, third party devices, etc.). Furthermore, the customer may want the backup communication path to be capable of transferring management traffic for out-of-band management of a customer network device (e.g., to configure the customer network device, to troubleshoot the customer network device, to repair the customer network device, to monitor the customer network device, etc.). In some cases, the data traffic and the management traffic may be processed using different devices or different networks, which may be costly. Implementations described herein assist in combining the processing of data traffic and management traffic using a device and/or network capable of differentiating between the different types of traffic.
As further shown in
Customer network device 205 may include one or more devices capable of receiving, generating, processing, storing, and/or providing network traffic. For example, customer network device 205 may include a router, a switch, a hub, a firewall, a gateway, a bridge, a load balancer, an intrusion detection system, a security device, a server device (e.g., a proxy server, a reverse proxy, etc.), or a similar device. In some implementations, customer network device 205 may process data traffic destined for and/or received from customer device 215, and/or may process management traffic that permits management device 225 to perform out-of-band management associated with customer network device 205 and/or customer network 210. Customer network device 205 may include a data port (e.g., an Ethernet port, etc.) that provides a data connection (e.g., an Ethernet connection, etc.) to dual use device 220, and via which data traffic is transferred between customer network device 205 and dual use device 220. Furthermore, customer network device 205 may include a management port (e.g., a serial port, a console port, a universal serial bus (USB) port, an auxiliary port, etc.) that provides a management connection (e.g., a serial connection, etc.) to dual use device 220, and via which management traffic is transferred between customer network device 205 and dual use device 220.
Customer network device 205 may be used in connection with a single customer device 215 or a group of customer devices 215 (e.g., within customer network 210, such as a data center, a private network, etc.). Communications may be routed through customer network device 205 to reach customer network 210. For example, customer network device 205 may be positioned within a network as a gateway that provides access to customer network 210.
Customer network 210 may include one or more wired and/or wireless networks. For example, customer network 210 may include a local area network (LAN), a private network, an ad hoc network, an intranet, a cloud computing network, and/or a combination of these or another type of network. In some implementations, customer network 210 may be a private network associated with a customer of a service provider that provides network services (e.g., cellular network services, private network services, virtual private network services, etc.). Additionally, or alternatively, customer network 210 may be located at a customer premises.
Customer device 215 may include one or more devices capable of receiving, generating, processing, storing, and/or providing information associated with a customer, such as a business entity. For example, customer device 215 may include a computing device and/or a communication device, such as a server device (e.g., a web server, a back-end server, a host server, a storage server, etc.), a desktop computer, a laptop computer, a point-of-sale device, or a similar device. In some implementations, customer device 215 may store information associated with the customer (e.g., sales records, customer orders, etc.). Additionally, or alternatively, customer device 215 may receive information from and/or transmit information to another device (e.g., user device 230) via network device 210.
Dual use device 220 may include one or more devices capable of receiving, generating, processing, storing, and/or providing network traffic. For example, dual use device 220 may include a bridge (e.g., a cellular bridge), a router (e.g., a cellular router), a modem (e.g., a cellular modem), a switch, a hub, a gateway, or a similar device. Dual use device 220 may receive and/or provide network traffic (e.g., data traffic, management traffic, etc.) via an air interface with base station 235 (e.g., using a cellular modem). Dual use device 220 may receive and/or provide management traffic via a management connection with customer network device 205, such as a serial connection with a console port of customer network device 205. Additionally, or alternatively, dual use device 220 may receive and/or provide data traffic via a data connection with customer network device 205, such as an Ethernet connection with a data port of customer network device 205. In this way, dual use device 220 may provide out-of-band access to a console of customer network device 205, and may provide a backup path for customer network device 205 using the cellular connection (e.g., when a direct connection between customer network device 205 and private network 250 experiences a failure).
Management device 225 may include one or more devices capable of receiving, generating, processing, storing, and/or providing management traffic (e.g., used to manage and/or configure customer network device 205). For example, management device 225 may include a computing device and/or communication device, such as a client terminal, a desktop computer, a laptop computer, a server device, or a similar device. Management device 225 may send management traffic to customer network device 205, and may receive management traffic from customer network device 205. When a primary path between private network 250 and customer network device 205 fails, management device 225 may send and/or receive the management traffic via a backup path that traverses, for example, dual use device 220, base station 235, cellular network 245, gateway device 240, and private network 250.
User device 230 may include one or more devices capable of receiving, generating, processing, storing, and/or providing data traffic (e.g., network traffic sent from and/or destined for customer device 215, and/or network traffic that is not used to manage and/or configure customer network device 205). For example, user device 230 may include a computing device and/or communication device, such as a mobile device (e.g., a smart phone), a desktop computer, a laptop computer, a tablet computer, a server device, or a similar device. User device 230 may send data traffic to customer network device 205 for transfer to customer device 215, and may receive data traffic from customer device 215 via customer network device 205. When a primary path between private network 250 and customer network device 205 fails, user device 230 may send and/or receive the data traffic via a backup path that traverses, for example, dual use device 220, base station 235, cellular network 245, gateway device 240, and private network 250.
Base station 235 may include one or more devices capable of transferring network traffic, such as management traffic and/or data traffic (e.g., audio traffic, video traffic, text traffic, etc.), destined for and/or received from one or more devices shown in
Gateway device 240 may include one or more devices capable of transferring network traffic, such as management traffic and/or data traffic, destined for and/or received from one or more devices shown in
Cellular network 245 may include one or more wireless networks, such as one or more cellular networks. For example, cellular network 245 may include a cellular network (e.g., an LTE network, a 4G network, a 3G network, a 2G network, a code division multiple access (CDMA) network, etc.), a public land mobile network (PLMN), a LAN, a wide area network (WAN), a metropolitan area network (MAN), and/or a combination of these or other types of networks (e.g., a combination of a cellular network and a non-cellular network).
Private network 250 may include one or more wired and/or wireless networks. In some implementations, private network 250 may include a network other than a cellular network (e.g., other than cellular network 245). For example, private network 250 may include a PLMN, a LAN, a WAN, a MAN, a telephone network (e.g., the Public Switched Telephone Network (PSTN)), an ad hoc network, an intranet, the Internet, a fiber optic-based network, and/or a combination of these or other types of networks.
The number and arrangement of devices and networks shown in
Bus 310 may include a component that permits communication among the components of device 300. Processor 320 may include a processor (e.g., a central processing unit (CPU), a graphics processing unit (GPU), an accelerated processing unit (APU), etc.), a microprocessor, and/or any processing component (e.g., a field-programmable gate array (FPGA), an application-specific integrated circuit (ASIC), etc.) that interprets and/or executes instructions. Memory 330 may include a random access memory (RAM), a read only memory (ROM), and/or another type of dynamic or static storage device (e.g., a flash memory, a magnetic memory, an optical memory, etc.) that stores information and/or instructions for use by processor 320.
Storage component 340 may store information and/or software related to the operation and use of device 300. For example, storage component 340 may include a hard disk (e.g., a magnetic disk, an optical disk, a magneto-optic disk, a solid state disk, etc.), a compact disc (CD), a digital versatile disc (DVD), a floppy disk, a cartridge, a magnetic tape, and/or another type of computer-readable medium, along with a corresponding drive.
Input component 350 may include a component that permits device 300 to receive information, such as via user input (e.g., a touch screen display, a keyboard, a keypad, a mouse, a button, a switch, a microphone, etc.). Additionally, or alternatively, input component 350 may include a sensor for sensing information (e.g., a global positioning system (GPS) component, an accelerometer, a gyroscope, an actuator, etc.). Output component 360 may include a component that provides output information from device 300 (e.g., a display, a speaker, one or more light-emitting diodes (LEDs), etc.).
Communication interface 370 may include a transceiver-like component (e.g., a transceiver, a separate receiver and transmitter, etc.) that enables device 300 to communicate with other devices, such as via a wired connection, a wireless connection, or a combination of wired and wireless connections. Communication interface 370 may permit device 300 to receive information from another device and/or provide information to another device. For example, communication interface 370 may include an Ethernet interface, an optical interface, a coaxial interface, an infrared interface, a radio frequency (RF) interface, a universal serial bus (USB) interface, a Wi-Fi interface, a cellular network interface, or the like.
Device 300 may perform one or more processes described herein. Device 300 may perform these processes in response to processor 320 executing software instructions stored by a computer-readable medium, such as memory 330 and/or storage component 340. A computer-readable medium is defined herein as a non-transitory memory device. A memory device includes memory space within a single physical storage device or memory space spread across multiple physical storage devices.
Software instructions may be read into memory 330 and/or storage component 340 from another computer-readable medium or from another device via communication interface 370. When executed, software instructions stored in memory 330 and/or storage component 340 may cause processor 320 to perform one or more processes described herein. Additionally, or alternatively, hardwired circuitry may be used in place of or in combination with software instructions to perform one or more processes described herein. Thus, implementations described herein are not limited to any specific combination of hardware circuitry and software.
The number and arrangement of components shown in
As shown in
As further shown in
Gateway device 240 may determine whether incoming network traffic is management traffic or data traffic based on a destination network address (e.g., a destination internet protocol (IP) address, a destination media access control (MAC) address, etc.) associated with the incoming network traffic, in some implementations. For example, if incoming network traffic is destined for dual use device 220 (e.g., if a destination IP address, included in the network traffic, identifies dual use device 220), then gateway device 240 may determine that the network traffic is management traffic. Alternatively, if the incoming network traffic is not destined for dual use device 220 (e.g., is destined for customer network device 205, customer device 215, etc.), then gateway device 240 may determine that the network traffic is data traffic.
Additionally, or alternatively, gateway device 240 may determine whether incoming network traffic is management traffic or data traffic based on a source network address (e.g., a source IP address, a source MAC address, etc.) associated with the incoming network traffic. For example, if incoming network traffic is received from management device 225 (e.g., if a source IP address, included in the network traffic, identifies management device 225), then gateway device 240 may determine that the network traffic is management traffic. Alternatively, if the incoming network traffic is not received from management device 225 (e.g., is received from user device 230), then gateway device 240 may determine that the network traffic is data traffic.
In some implementations, gateway device 240 may store a data structure that identifies a network address and a device with which the network address is associated. For example, relationship information stored in the data structure may indicate a relationship between a particular network address and a particular device, such as customer network device 205, customer device 215, dual use device 220, management device 225, user device 230, etc. In this way, gateway device 240 may determine a type of device for which the network traffic is destined and/or from which the network traffic is received, and may determine whether the network traffic is management traffic or data traffic based on the type of device.
Additionally, or alternatively, gateway device 240 may determine whether incoming network traffic is management traffic or data traffic based on a traffic type identifier included in the network traffic (e.g., a network traffic packet). For example, the network traffic may include a traffic type identifier that identifies whether the network traffic is management traffic or data traffic. Gateway device 240 may analyze the traffic type identifier to determine whether incoming network traffic is management traffic or data traffic.
As further shown in
As further shown in
As further shown in
Dual use device 220 may determine whether incoming network traffic is management traffic or data traffic based on a destination network address associated with the incoming network traffic, a source network address associated with the incoming traffic, and/or a traffic type identifier included in the incoming network traffic, as described above in connection with block 420. Additionally, or alternatively, dual use device 220 may determine whether incoming network traffic is management traffic or data traffic based on a path via which the network traffic is received. For example, if dual use device 220 determines that the network traffic was received via the network tunnel (e.g., a first path that includes the network tunnel), then dual use device 220 may determine that the network traffic is data traffic. As another example, if dual use device 220 determines that the network traffic was not received via the network tunnel (e.g., was received via a second path that does not include the network tunnel), then dual use device 220 may determine that the network traffic is management traffic.
In some implementations, such as when dual use device 220 is a bridge, the network tunnel may terminate at customer network device 205. In some implementations, such as when dual use device 220 is a router, the network tunnel may terminate at dual use device 220.
As further shown in
In some implementations, the network tunnel may include the data connection between dual use device 220 and customer network device 205. In other words, when encapsulating data traffic to provide the data traffic over the network tunnel, gateway device 240 may identify customer network device 205 as a network tunnel endpoint. When dual use device 220 receives the data traffic via the tunnel, dual use device 220 may forward the data traffic, via the network tunnel and over the data connection, to customer network device 205. Customer network device 205 may decapsulate the data traffic, and may provide the data traffic to a destination device (e.g., a particular customer device 215).
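The classification and forwarding rules described above, sketched as an added example that is not part of the patent text. All addresses except 20.20.20.20 (which the description uses for customer network device 205) are constructed, the function names are hypothetical, and rejecting traffic whose source, destination and traffic type identifier rules disagree is an assumption of this example, made because all three values are carried in the packet itself.

```python
from dataclasses import dataclass, replace
from enum import Enum
from typing import Optional

class Kind(Enum):
    MANAGEMENT = "management"
    DATA = "data"

# Constructed addresses; only 20.20.20.20 appears in the description
# (as the tunnel endpoint identifier of customer network device 205).
DUAL_USE_IP = "192.0.2.10"
CUSTOMER_NET_DEV_IP = "20.20.20.20"
ADDRESS_TABLE = {  # network address -> device, the gateway's data structure
    DUAL_USE_IP: "dual_use_device_220",
    CUSTOMER_NET_DEV_IP: "customer_network_device_205",
    "198.51.100.5": "management_device_225",
    "203.0.113.7": "user_device_230",
    "10.0.0.15": "customer_device_215",
}

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    payload: bytes
    type_id: Optional[Kind] = None         # optional traffic type identifier
    tunnel_endpoint: Optional[str] = None  # set while encapsulated

def gateway_signals(pkt):
    """Evaluate each classification rule from the description on its own."""
    signals = {
        "destination": Kind.MANAGEMENT
        if ADDRESS_TABLE.get(pkt.dst) == "dual_use_device_220" else Kind.DATA,
        "source": Kind.MANAGEMENT
        if ADDRESS_TABLE.get(pkt.src) == "management_device_225" else Kind.DATA,
    }
    if pkt.type_id is not None:
        signals["type_id"] = pkt.type_id
    return signals

def classify(pkt):
    """Return (kind, {}) when every rule agrees, else (None, signals).
    Requiring agreement is this example's assumption, not the patent's."""
    signals = gateway_signals(pkt)
    kinds = set(signals.values())
    if len(kinds) == 1:
        return kinds.pop(), {}
    return None, signals

def gateway_forward(pkt, mode):
    """Gateway 240: data is encapsulated into the tunnel, management is not."""
    kind, conflict = classify(pkt)
    if conflict:
        return "rejected", pkt
    if kind is Kind.DATA:
        # Bridge: tunnel ends at customer network device 205.
        # Router: tunnel ends at dual use device 220.
        endpoint = CUSTOMER_NET_DEV_IP if mode == "bridge" else DUAL_USE_IP
        return "tunnel", replace(pkt, tunnel_endpoint=endpoint)
    return "outside_tunnel", pkt

def dual_use_deliver(path, pkt, mode):
    """Dual use device 220: classify by arrival path, pick the local port."""
    if path == "tunnel":
        if mode == "router":  # tunnel terminates here, so decapsulate
            pkt = replace(pkt, tunnel_endpoint=None)
        return "ethernet_data_port", pkt
    return "serial_management_port", pkt

def backup_path(pkt, mode):
    """End to end over the backup path; mode is 'bridge' or 'router'."""
    path, out = gateway_forward(pkt, mode)
    if path == "rejected":
        return "rejected", out
    return dual_use_deliver(path, out, mode)
```

In bridge mode the packet reaches the Ethernet port still encapsulated, so customer network device 205 decapsulates it; in router mode it arrives already decapsulated.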
As further shown in
In some implementations, management device 225 may communicate with customer network device 205 over the backup path by sending management traffic, via a telnet session, that identifies a management port of dual use device 220. In this case, the management port may include, for example, a transmission control protocol (TCP) port or a user datagram protocol (UDP) port via which dual use device 220 provides the management traffic to customer network device 205. Additionally, or alternatively, management device 225 may communicate with customer network device 205 over the backup path by sending management traffic, via an SSH session, that identifies a management port of dual use device 220. In this case, the management port may include, for example, a serial port via which dual use device 220 provides the management traffic to customer network device 205.
In this way, gateway device 240 and dual use device 220 may assist in providing out-of-band management services and backup data transfer services when a primary path between customer network device 205 and private network 250 fails.
Although
For the purpose of
As shown in
As shown by reference number 540, based on determining that the network traffic is data traffic, gateway device 240 encapsulates the network traffic (e.g., using a tunnel endpoint identifier), and provides the network traffic to customer network device 205 via a network tunnel that traverses base station 235 and dual use device 220. Dual use device 220 receives the network traffic (e.g., via the network tunnel), and determines that the network traffic is data traffic destined for customer network device 205 (e.g., identified by a tunnel endpoint identifier, such as an IP address of 20.20.20.20). As shown by reference number 550, based on determining that the network traffic is data traffic, dual use device 220 provides the data traffic to customer device 205 via a data connection (e.g., an Ethernet connection included as part of the network tunnel, an IP Passthrough connection, a connection that utilizes dynamic host configuration protocol (DHCP), etc.). Customer network device 205 decapsulates the network traffic, and provides the network traffic to destination device 215 via customer network 210.
As shown in
As shown by reference number 580, based on determining that the network traffic is management traffic, gateway device 240 provides the network traffic to dual use device 220 via a path that is outside of the network tunnel (e.g., but still traverses base station 235). Dual use device 220 receives the network traffic (e.g., via the path that is outside of the network tunnel), and determines that the network traffic is management traffic to be used to manage customer network device 205 (e.g., based on determining that the IP address of dual use device 220 is identified as a destination IP address in the network traffic). As shown by reference number 590, based on determining that the network traffic is management traffic, dual use device 220 provides the management traffic to customer device 205 via a management connection (e.g., a serial connection that is outside of the network tunnel). Customer network device 205 is configured based on the management traffic.
As indicated above,
For the purpose of
As shown in
As shown by reference number 640, based on determining that the network traffic is data traffic, gateway device 240 encapsulates the network traffic (e.g., using a tunnel endpoint identifier), and provides the network traffic via a network tunnel. In example implementation 600, however, assume that dual use device 220 is a tunnel endpoint (e.g., as opposed to customer network device 205, as shown in example implementation 500).
Dual use device 220 receives the network traffic (e.g., via the network tunnel), decapsulates the network traffic, and determines that the network traffic is data traffic destined for customer network device 205 (e.g., the network traffic identifies a destination IP address of 20.20.20.20). As shown by reference number 650, based on determining that the network traffic is data traffic, dual use device 220 provides the data traffic to customer device 205 via a data connection (e.g., an Ethernet connection). Customer network device 205 provides the network traffic to destination device 215 via customer network 210.
As shown in
As shown by reference number 680, based on determining that the network traffic is management traffic, gateway device 240 provides the network traffic to dual use device 220 via a path that is outside of the network tunnel. Dual use device 220 receives the network traffic (e.g., via the path that is outside of the network tunnel), and determines that the network traffic is management traffic to be used to manage customer network device 205 (e.g., based on determining that the IP address of dual use device 220 is identified as a destination IP address in the network traffic). As shown by reference number 690, based on determining that the network traffic is management traffic, dual use device 220 provides the management traffic to customer device 205 via a management connection (e.g., a serial connection). Customer network device 205 is configured based on the management traffic.
In this way, gateway device 240 and dual use device 220 may assist in providing out-of-band management services and backup data transfer services when a primary path between customer network device 205 and private network 250 fails.
As indicated above,
As shown in
As further shown in
Additionally, or alternatively, dual use device 220 may determine whether outgoing network traffic is management traffic or data traffic based on a connection via which the network traffic is received by dual use device 220. For example, if dual use device 220 receives the outgoing network traffic from customer network device 205 via a data connection (e.g., on a data port, such as an Ethernet port), then dual use device 220 may determine that the network traffic is data traffic. As another example, if dual use device 220 receives the outgoing network traffic from customer network device 205 via a management connection (e.g., on a management port, such as a serial port, a console port, etc.), then dual use device 220 may determine that the network traffic is management traffic.
As further shown in
As further shown in
In this way, gateway device 240 and dual use device 220 may assist in providing out-of-band management services and backup data transfer services when a primary path between customer network device 205 and private network 250 fails.
Although
As shown in
As shown in
As indicated above,
As shown in
As shown in
In this way, gateway device 240 and dual use device 220 may assist in providing out-of-band management services and backup data transfer services when a primary path between customer network device 205 and private network 250 fails.
As indicated above,
The foregoing disclosure provides illustration and description, but is not intended to be exhaustive or to limit the implementations to the precise form disclosed. Modifications and variations are possible in light of the above disclosure or may be acquired from practice of the implementations.
As used herein, the term component is intended to be broadly construed as hardware, firmware, or a combination of hardware and software.
To the extent the aforementioned embodiments collect, store, or employ personal information provided by individuals, it should be understood that such information shall be used in accordance with all applicable laws concerning protection of personal information. Additionally, the collection, storage, and use of such information may be subject to consent of the individual to such activity, for example, through well known “opt-in” or “opt-out” processes as may be appropriate for the situation and type of information. Storage and use of personal information may be in an appropriately secure manner reflective of the type of information, for example, through various encryption and anonymization techniques for particularly sensitive information.
It will be apparent that systems and/or methods, described herein, may be implemented in different forms of hardware, firmware, or a combination of hardware and software. The actual specialized control hardware or software code used to implement these systems and/or methods is not limiting of the implementations. Thus, the operation and behavior of the systems and/or methods were described herein without reference to specific software code—it being understood that software and hardware can be designed to implement the systems and/or methods based on the description herein.
Even though particular combinations of features are recited in the claims and/or disclosed in the specification, these combinations are not intended to limit the disclosure of possible implementations. In fact, many of these features may be combined in ways not specifically recited in the claims and/or disclosed in the specification. Although each dependent claim listed below may directly depend on only one claim, the disclosure of possible implementations includes each dependent claim in combination with every other claim in the claim set.
No element, act, or instruction used herein should be construed as critical or essential unless explicitly described as such. Also, as used herein, the articles “a” and “an” are intended to include one or more items, and may be used interchangeably with “one or more.” Furthermore, as used herein, the term “set” is intended to include one or more items, and may be used interchangeably with “one or more.” Where only one item is intended, the term “one” or similar language is used. Also, as used herein, the terms “has,” “have,” “having,” or the like are intended to be open-ended terms. Further, the phrase “based on” is intended to mean “based, at least in part, on” unless explicitly stated otherwise.